Wenn ich diesen Beitrag im Microsoft-Blog richtig verstehe, wurden die Systeme des Unternehmens wieder kompromittiert. Diesmal waren es nicht die Chinesen, sondern die Russen.
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and […] has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. […] Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including […] cybersecurity […] and exfiltrated some emails and attached documents. […] Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient.
Microsoft Blog
Ich frage mich, ob die Transparenz, die Microsoft an den Tag legt, lobenswert oder eine Notwendigkeit ist. Und der Cybersecurity-Experte Alex Stamos meint, die Sache sei wesentlich größer als sie im Blogbeitrag von Microsoft dargestellt wird.